Try disabling WPA and use WPA2 only. This might involve turning off a "WPA Mixed Mode" setting somewhere - it depends on the router. WEP is hopelessly broken and can no longer be considered any sort of security whatsoever.
It comes out of the box like this
Try disabling support for 802.11b, and operating the 2.4GHz radio in g/n only mode. There are few useful devices left that do not support 802.11g.
Having wireless B support will not slow anything down unless a wireless B client connects.
Ideally, you should set a WPA2-Personal passphrase of 63 random characters unless you are in a position to run your own RADIUS server and switch to WPA2-Enterprise.
Seems a huge overkill in my view. Imagine entering that on every device. I understand it does help with a brute-force attack, but a 10 to 16 digit random password should suffice in the real world.
The biggest security aspect to consider is WPS, which can be compromised relatively easily. Even with a 63 digit password, with WPS enabled, I am pretty sure I would be able to get the full 63 digit password overnight, possibly in a few minutes depending on the version of WPS in use.
WPS is an 8-digit PIN number, hard coded into the device, so vulnerable to brute-force.
Some manufacturers made the WPS PIN a combination of the router's MAC / serial number, which is one issue...
But the biggest issue:
The 8th digit is generated based on the first 7 digits, so it is predictable.
There are two stages to authentication, M4 and M6.
Say my PIN is 12345678, M4 is 1234, M6 is 5678.
WPS will drop the connection immediately if you make a mistake after M4. That is, the first 4 digits must be correct before the AP will process the second 4 digits.
This greatly reduces the time required to brute-force. 10^4 is only 10,000, so 10,000 possible combinations to figure out the 1st four digits.
The 2nd half, well the 8th digit does not count as it's not random, so we only have 10^3 = 1000 combinations.
Then we can get the 8th digit, based on the first 7 digits.
So at absolute maximum we have 11,000 different combinations. This would take 3 hours to brute force at 1 attempt a second, but often the AP performs fine with 1 attempt every 0.5 seconds, i.e. 1.5 hours, and this is assuming you brute force it at the 11,000th attempt, when actually it may happen on the 1,000th attempt, i.e. 15 minutes into running.
Once you have the WPS PIN, the AP will just hand over the full WPA-2 password, it does not matter if it's 63 digits or not.
Change the password - it does not matter, I have the hard coded, unchangeable WPS PIN, your router just hands me over the new PW.
Edited by ukhardy07 (Tue 26-Jul-16 19:54:20)
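The PIN structure and guess counts described in the post above, worked through as an added example that is not part of the original thread. It uses the check-digit calculation found in WPS implementations (for example `wps_pin_checksum` in wpa_supplicant); the lockout parameters are hypothetical, included to show how AP-side rate limiting changes the worst case when WPS cannot be disabled outright.

```python
"""WPS PIN structure: check digit and worst-case guess counts (constructed example)."""


def wps_checksum(first7: int) -> int:
    """Check digit for the 7-digit PIN body (weights 3,1,3,1,... from the right)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the check digit."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def worst_case_guesses(split_halves: bool) -> int:
    """Guesses needed in the worst case.

    split_halves=True: the AP confirms the first 4 digits separately, so the
    halves are searched independently (10^4 + 10^3, check digit is derived).
    split_halves=False: all 7 free digits would have to be guessed together.
    """
    return 10**4 + 10**3 if split_halves else 10**7


def worst_case_seconds(guesses, seconds_per_guess, fails_before_lock=0, lock_seconds=0):
    """Worst-case duration; the lockout policy is a hypothetical AP setting."""
    total = guesses * seconds_per_guess
    if fails_before_lock:
        # Every guess but the last fails; each full batch of failures costs one lockout.
        total += ((guesses - 1) // fails_before_lock) * lock_seconds
    return total


if __name__ == "__main__":
    print("check digit for 1234567:", wps_checksum(1234567))
    print("split search space:", worst_case_guesses(True))
    print("unsplit search space:", worst_case_guesses(False))
    for rate in (1, 0.5):
        print(f"{rate}s/guess, no lockout: {worst_case_seconds(11_000, rate) / 3600:.2f} h")
    # Hypothetical policy: lock WPS for 60 s after every 3 failed attempts.
    print(f"with lockout: {worst_case_seconds(11_000, 1, 3, 60) / 86400:.2f} days")
```

Lockout only stretches the timeline; the search space stays at 11,000, which is why turning WPS PIN off is the setting to check first.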